Do iOS and Android collect any sensor data (e.g. accelerometer, microphone) from smartphones?
If yes, do they have to ask for user permission like third-party apps?
Asked
Active
Viewed 99 times
1 Answers
1
Yes, of course they do - those functions would not work otherwise - it's the OS that collects the data before passing it on to apps. In iOS for example, you can turn off location services system-wide, as well as per-app.
The OS also needs to ask for permission to do so, but that's usually done on a per-app basis, and may only be temporary. Generally this is much more transparent on iOS than Android - Google's own apps get very greedy before they will work, and there is a long history of privacy abuse in Android apps.
Synchro
- 35,538
- 15
- 81
- 104
-
But I mean, from a privacy perspective, do mobile OS (on an above-app level) also send data back to their own servers over the internet? Or is it only apps that can access (and potentially leak) sensor data from smartphones? – Estarossa Feb 03 '19 at 18:03
-
There are definitely some services that *can* send data, especially when it’s provided by a system-wide service like location or health tracking, however, on iOS at least, such data is kept on-device, and uploads require explicit permission. – Synchro Feb 03 '19 at 18:27
-
Thank you very much! To what extent can we be sure that they always ask for permission, though? Given the fact that Android and iOS are - at least partially - closed-source, is it not a question of trust in the end? I'm trying to find out if mobile operating systems could theoretically spy on users (if they had such intentions) without being detected. – Estarossa Feb 21 '19 at 12:35
-
You can always check it yourself - generate traffic with your own app (for which you will have a private key) and monitor it using a proxy like mitmproxy, then you'll see everything that's being transmitted. Even without your own app you can see whether there is data being transmitted and to where. – Synchro Feb 21 '19 at 14:06
-
Yes, it is possible to monitor network traffic. However, you don't have the private key to decrypt traffic sent out by the OS (they could obfuscate and hide any type of sensitive information in their outgoing data flows). Therefore, my focus here is on the data collection: Is there any way we can really verify the claims of our mobile OS that they only record us with permission, or do we essentially have to rely on our trust? – Estarossa Feb 22 '19 at 08:58
-
You do have to rely on a certain amount of trust, but you could test on a clean phone with no other apps to see if *any* data other than your own is transmitted. – Synchro Feb 22 '19 at 14:27